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REMARKS 

Applicants submit this Response in response to the Office Action mailed March 22, 2005 
(the "Office Action"). *is Response, Applicants have amended the specification, amended 
claims 1, 4, 6, 9, 1 1, 15, 16 and 19, and added new claims 21-24. No new matter has been 
added. 

In the Office Action, the Examiner objects to the disclosure for failing to include the U.S. 
Patent application numbers for two of the applications cited in paragraph 1 of the application. 
Paragraph 1 has now been amended to include the appropriate application numbers and the 
objection to the specification is therefore overcome. Applicants thus respectfully request that the 
objection be withdrawn. 

In the Office Action, the Examiner has (1) rejected claims 1-20 under 35USC § 102(b) as 
being anticipated by U.S. Patent No. 5,798,706 to Jeffery A. Kraemer, et al. (the "Kramer '706 
Patent"), (2) rejected claims 1-3, 5-8, 10-13, 15-18 and 20 under 35USC § 102(b) as being 
anticipated by U.S. Patent No. 6,701,432 to Feng Deng, et al. (the "Deng '432 Patent"), and (3) 
rejected claims 4, 9, 14 and 19 under 35 U.S.C. § 103(a) as being unpatenable over the Deng 
'432 Patent in view of the Kraemer *706 Patent. Applicants respectfully request reconsideration 
of the present application and allowance of the claims based on the following. 1 

Independent Claim 1 recites an apparatus for detecting adversarial activity on a network. 
The apparatus includes 

a memory adapted to store a host table; 

a key exchanger adapted to derive a cipher key 

a translator adapted to translate predetermined portions of packet header 
information of a data packet according to a cipher algorithm keyed by the cipher 
key, wherein the predetermined portions include an address; 

a mapping device adapted to map the address to the host table; 

a host resolution device adapted to determine addresses of devices on the 
network when the address does not match an entry in the host table and to 
supplement the host table with any additional addresses, wherein said mapping 



1 As Applicants* remarks with respect to die Examiner's rejections are sufficient to overcome these rejections, 
Applicants* silence as to assertions by the Examiner in the Office Action or certain requirements that may be 
applicable to such rejections (e.g., whether a reference constitutes prior art, motivation to combine references) is not 
a concession by Applicants that such assertions are accurate or such requirements have been met, and Applicants 
reserve the right to analyze and dispute such in the future. 
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device is further adapted to again map the address to host table following 
supplementation; and 

an actuator adapted to trigger a security device when the address does not 
match an entry in the host table. 

Neither of the cited references, taken either individually or in combination, teaches or 
suggests the apparatus of independent Claim 1 . In this regard, the Kraemer '706 patent describes 
a network configuration designed to detect back door communication between a work station on 
the network and device outside of the network. As an example, this back door communication 
could be conducted via a modem associated with a work station that connects to a device outside 
of the network in a manner that is independent of the gateway through which communications 
with devices outside of the network are intended to flow. According to the Kraemer *706 patent, 
a packet scanner is connected to the network, such as a local area network, and compares the 
source and destination addresses of packets transmitted over the network to addresses on two 
different tables. A first table includes the addresses of the devices on the network, while the 
second table identifies the hardware addresses of the gateways authorized to be connected to the 
network. See column 3, line 46-59 of the Kraemer '706 patent. 

If the source and destination addresses are not included in the tables, the Kraemer 4 706 
patent describes various event routines being performed, which may include logging of 
information relating to the destination and source devices, the content of the packet at the time at 
which the event occurred, and the like. Although the Kraemer *706 patent does describe logging 
situations in which the source and destination addresses are not included in a table, the Kraemer 
*706 patent does not teach or suggest "a host resolution device adapted to determine addresses of 
devices on the network when the address does not match an entry in the host table and to 
supplement the host table with any additional addresses," as recited by independent Claim 1 . 
Indeed, the Kraemer *706 patent does not teach or suggest that the tables should be updated, 
revised or otherwise modified in instances in which the source and destination addresses are not 
included within the tables. As such, the Kraemer *706 patent also fails to teach or suggest "a 
mapping device adapted to map the address to the host table" and "further adapted to again map 
the address to host table following supplementation," as also recited by independent Claim 1. 
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The Deng '432 patent also fails to teach or suggest the apparatus of independent Claim 1 . 
The Deng '432 patent includes a gateway for screening packets transferred over a network. The 
gateway is described to include a firewall engine and a memory that are coupled not only by a 
memory bus, but also by a local bus to thereby facilitate enhanced communication between the 
firewall engine and the memory. The firewall engine examines incoming packets and, in 
particular, the address of the incoming packets so as to screen the incoming packets in 
accordance with one or more rule sets. While the firewall engine of the Deng '432 patent may 
detect an incoming packet having an address that does not match an anticipated address as 
defined by a respective rule set and may therefore prevent the packet from entering the network 
protected by the gateway, the Deng *432 patent does not teach or suggest *'a host resolution 
device adapted to determine addresses of devices on the network when the address does not 
match an entry in the host table and to supplement the host table with any additional addresses," 
as recited by independent Claim 1. As such, the Deng '432 patent likewise fails to teach or 
suggest "a mapping device adapted to map the address to the host table" and "further adapted to 
again map the address to host table following supplementation," as also recited by independent 
Claim 1. 

Since neither of the cited references teaches or suggests at least a host resolution device 
as recited by amended independent Claim 1, any combination of these references likewise fails 
to teach or suggest a host resolution device. Thus, the rejection of amended independent Claim 1 
is overcome, and Applicants respectfully request withdrawal of the rejections of Claim 1 . 

Independent Claim 6 recites a method for detecting adversarial activity on a network that 
includes 

storing a host table; 
deriving a cipher key; 

translating predetermined portions of packet header information of a data 
packet according to a cipher algorithm keyed by the cipher key, wherein the 
predetermined portions include an address; 

mapping the address to the host table; 
determining addresses of devices on the network when the address does not match 
an entry in the host table and supplementing the host table with any additional 
addresses prior to repeating the mapping of the address to the host table; and 

triggering a security device when the address does not match an entry in 
the host table. 
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Likewise, independent Claim 1 1 recites a device for detecting adversarial activity on a network 
and includes various means for performing the method of Claim 6, and independent Claim 16 
recites a bastion host adapted for processing packet header information of the data packet and 
operable to perform the method of Claim 6. 

For similar reasons as described above in conjunction with independent Claim 1, 
independent Claims 6, 11 and 16 are also not taught or suggested by the Kraemer 4 706 patent 
and/or the Deng '432 patent, taken either individually or in combination. Thus, the rejections of 
amended independent Claims 6, 1 1 and 16 are also overcome, and Applicants respectfully 
request that the rejections of Claims 6, 1 1 and 16 be withdrawn. 

Claims 2-5, 7-10, 12-15 and 17-20, which depend from independent Claims 1, 6, 11 and 
16, are also patentably distinct from the cited references, taken either individually or in 
combination, for at least the same reasons as described above in conjunction with their respective 
base independent claims. 2 As such, the rejection of the dependent claims is therefore also 
correspondingly overcome, and Applicants respectfully request that the rejections of claims 2-5, 
7-10, 12-15 and 17-20 be withdrawn . 

Applicants have added new claims 21-24 which are dependent on Claims 1, 6, 1 1 and 16, 
respectively. New dependent Claims 21-24 recite other unique aspects of the claimed invention, 
also not taught or suggested by the Kraemer '706 patent and/or the Deng '423 patent. Applicants 
therefore believe claims 21-24 to be patentable over the cited references for at least this 
additional reason. 

In view of the foregoing, it is respectfully submitted that all of the claims of the present 
application are in condition for immediate allowance. It is therefore respectfully requested that a 
Notice of Allowance be issued. The Examiner is encouraged to contact Applicants' undersigned 
attorney to resolve any remaining issues in order to expedite examination of present application. 



2 As Applicants* remarks with respect to the base independent claims are sufficient to overcome the Examiner's 
rejections of all claims dependent therefrom, Applicants* silence as to the Examiner's assertions with respect to 
dependent claims is not a concession by Applicants to the Examiner's assertions as to these claims, and Applicants 
reserve the right to analyze and dispute such assertions in the future. 
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It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a), and any fee required 
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 07-2347. 



Customer No. 32127 

Verizon Corporate Services Group, Inc. 
C/O Christian R, Andersen 
600 Hiddenridge, HQE03H14 
Irvin, Texas 75038 
Telephone: (972)718-4800 
Facsimile: (972)718-3946 
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